Supply Chain Security Must Mimic Enterprise Security


    Few areas within a business have benefited from the Internet of Things (IoT) as much as the supply chain. The advent of tracking and tracing technology through the supply chain gave products a voice for the first time, explains Michael Lucas, chairman of i3 Brands, and this technology advancement provided a revolutionary level of transparency that hugely benefited industries and manufacturers, and ultimately consumers.

    “The onset of IoT has simply enabled another improved mechanism for collecting all the micro-pieces of data that occur along the product journey,” Lucas continues. “Beyond simply speaking in ‘one word answers,’ IoT-enabled products are able to speak in full sentences, which allows for continuous diagnostic reporting. This creates unprecedented levels of visibility, allowing manufacturers to become proactive in their approach to the supply chain.”

    With this increased visibility to receive, analyze and respond to real-time data, supply chain managers are able to optimize their inventory stock and to reduce their costs. However, the devices and technologies, many of them mobile, that make the supply chain more efficient come with security risks if they aren’t properly secured with enterprise-grade hardware and software.

    “Consumer-grade devices that have flooded the enterprise and supply chain, due to BYOD, have created additional cyber-attack vectors where data in the supply chain can become compromised,” says Jim Dempsey, enterprise business development manager with Panasonic Mobility. “Supply chain managers have a wealth of data available to them via smart devices such as RFID tags and mobile machine-to-machine sensors to help streamline their operations. They need to make sure they are properly secured.”

    Secure Supply Chain

    Security issues in the supply chain mirror those across the enterprise: data security, privacy, confidentiality and theft of intellectual property, unsecure BYOD, and security vulnerabilities, as well as physical security of the actual supplies and those handling them.

    “Companies should invest in enterprise-grade devices and solutions with internal and external security protections,” says Dempsey. He recommended a layered security approach that includes hardware level (chip), software-level encryption, compatibility with multi-factor authentication programs, and secure VPN technology. “This will ensure multiple layers of security to allay some of the concerns supply chain managers may have with sensitive data being compromised.”

    As the supply chain becomes more connected with the growth of the IoT and mobile transformation, BYOD can pose the same threat to consumers that it does to enterprises in the supply chain, Dempsey adds.

    “If someone uses their personal device for work and at home and it becomes compromised without their knowledge, it could potentially compromise company data and their personal data as well. This is why supply chain managers should be equipping employees with enterprise mobile devices rather than allowing them to bring their own.”

    The need for a strong security system in the supply chain is simple. A tremendous amount of sensitive data is available, ranging from detailed information on customers and suppliers to an account of shipments. It is why supply chain management has to apply good data governance, says Rob Cheng, head of growth at Elementum.

    “Data governance requires that your vendor clearly defines ownership of data elements and the governance controls to ensure the information remains confidential. That way, your information remains your information,” he adds.

    Supply Chain Security Best Practices

    Supply chain security isn’t a one-way street, either, Cheng reminds us. “Be sure that your vendor takes security vulnerabilities seriously. This means that they can demonstrate a rigorous security program that ensures people, engineering, and processes deliver confidentiality, integrity, and availability of your information.”

    If vendors don’t hold supply chain security best practices to an acceptable standard, supply chain decision makers have the option to walk away and find a vendor who will. Consumers and customers who are affected by supply chain decisions don’t have that luxury.

    “In general, every time IoT security is compromised, so too is the security of consumers,” says Lucas. “These types of security concerns range from data ownership and privacy to hackers gaining control of our electrical grid. All these risks compromise the integrity of the supply chain and ultimately the quality of products, which can have a huge impact on consumer health and safety.”

    All parties need to apply a “trust but verify” methodology to information and requests for action.

    “It’s important for employees and consumers to stay alert and play a role in being the front line of defense in many of these attacks,” says David Hood, director, Technology Marketing, at email security company Mimecast. It’s also worthwhile for companies and partners to think about instituting procedures that will provide a second check to make sure that transactions requested are indeed valid and have the requisite signoff, he adds.

    The IoT has had a profound effect on the supply chain by creating an ecosystem in which products can now proactively initiate a need for maintenance and supply, and that takes away the inefficiencies of old manual processes. However, as business interactions and supply chain efficiencies improve through the IoT, it adds new attack vectors for cybercriminals. Security for the supply chain needs to be as vigilant and sophisticated as it is for any other business function.

    “Companies that make the investment in a layered security approach with enterprise-grade devices are going to not only ensure improved security,” Dempsey says, “but they’ll have improved efficiency and public perception thanks to a lack of data breaches.”

    Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

    Sue Poremba
    Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
